github.com/verrazzano/verrazzano@v1.7.1/tests/e2e/config/scripts/opensearch.yaml

github.com/verrazzano/verrazzano@v1.7.1/tests/e2e/config/scripts/opensearch.yaml (about)

     1  # Copyright (c) 2022, Oracle and/or its affiliates.
     2  # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  replicas: 1
     4  service:
     5    type: LoadBalancer
     6  
     7  extraEnvs:
     8    - name: DISABLE_INSTALL_DEMO_CONFIG
     9      value: "true"
    10  
    11  secretMounts:
    12    - name: opensearch-certificates
    13      secretName: opensearch-certificates
    14      path: /usr/share/opensearch/config/certs
    15  
    16  config:
    17    opensearch.yml: |
    18      cluster.name: opensearch-cluster
    19      # Bind to all interfaces because we don't know what IP address Docker will assign to us.
    20      network.host: 0.0.0.0
    21      # # minimum_master_nodes need to be explicitly set when bound on a public IP
    22      # # set to 1 to allow single node clusters
    23      # discovery.zen.minimum_master_nodes: 1
    24      # Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again.
    25      # discovery.type: single-node
    26      # Start OpenSearch Security Demo Configuration
    27      # WARNING: revise all the lines below before you go into production
    28      plugins:
    29        security:
    30          ssl:
    31            transport:
    32              pemcert_filepath: certs/cert.pem
    33              pemkey_filepath: certs/key.pem
    34              pemtrustedcas_filepath: certs/root-ca.pem
    35              enforce_hostname_verification: false
    36            http:
    37              enabled: true
    38              pemcert_filepath: certs/cert.pem
    39              pemkey_filepath: certs/key.pem
    40              pemtrustedcas_filepath: certs/root-ca.pem
    41          allow_unsafe_democertificates: false
    42          allow_default_init_securityindex: true
    43          authcz:
    44            admin_dn:
    45              - CN=kirk,OU=client,O=client,L=test,C=de
    46          audit.type: internal_opensearch
    47          enable_snapshot_restore_privilege: true
    48          check_snapshot_restore_write_privileges: true
    49          restapi:
    50            roles_enabled: ["all_access", "security_rest_api_access"]
    51          system_indices:
    52            enabled: true
    53            indices:
    54              [
    55                ".opendistro-alerting-config",
    56                ".opendistro-alerting-alert*",
    57                ".opendistro-anomaly-results*",
    58                ".opendistro-anomaly-detector*",
    59                ".opendistro-anomaly-checkpoints",
    60                ".opendistro-anomaly-detection-state",
    61                ".opendistro-reports-*",
    62                ".opendistro-notifications-*",
    63                ".opendistro-notebooks",
    64                ".opendistro-asynchronous-search-response*",
    65              ]
    66      ######## End OpenSearch Security Demo Configuration ########
    67    # log4j2.properties:
    68  
    69  extraInitContainers:
    70    - name: sysctl
    71      image: ghcr.io/oracle/oraclelinux:7.9
    72      imagePullPolicy: "IfNotPresent"
    73      command: [ 'sh', '-c', 'sysctl -w vm.max_map_count=262144' ]
    74      securityContext:
    75        runAsUser: 0
    76        privileged: true